/// <summary> /// Gets security configurations for the field specified. /// </summary> /// <param name="securityContext">The security context.</param> /// <param name="fieldDefinition">The field definition.</param> /// <param name="identity">The user identity.</param> /// <returns>The collection of AggregateSecurityConfig objects.</returns> public static IList<SecurityConfig> GetSecurityConfigsForField(ISecurityContext securityContext, IBaseFieldDefinition fieldDefinition, IMQ1Identity identity) { var result = new HashSet<SecurityConfig>(); if (Utils.CurrentUserHasAdministratorRights) return new List<SecurityConfig>(); if (securityContext == null || fieldDefinition == null || identity == null) return new List<SecurityConfig>(); if (AlwaysVisible(fieldDefinition.SystemName)) return new List<SecurityConfig>(); var fieldConfigs = securityContext.GetConfigurationList(fieldDefinition.GetTableName(), fieldDefinition.SystemName); if (fieldConfigs != null) { fieldConfigs = fieldConfigs.Where(x => (x.BusinessUnitId == Constants.AllBusinessUnitsId || x.BusinessUnitId == identity.BusinessUnitId) && (x.RoleId == Constants.AllRolesId || identity.RolesId.Contains(x.RoleId)) && x.CanView).ToList(); if (!fieldConfigs.Any(c => c.StateGuid == Constants.AllStatesGuid && c.PersonFieldName == Constants.AllPersonFieldsSystemName)) { var personsForAllStates = fieldConfigs.Where(x => x.StateGuid == Constants.AllStatesGuid) .Select(x => x.PersonFieldName) .Distinct() .ToList(); var statesForAllPersons = fieldConfigs.Where(x => x.PersonFieldName == Constants.AllPersonFieldsSystemName) .Select(x => x.StateGuid) .Distinct() .ToList(); foreach (var config in fieldConfigs) { var secConf = new SecurityConfig( personsForAllStates.Contains(config.PersonFieldName) ? null : config.StateGuid.ToString("D"), statesForAllPersons.Contains(config.StateGuid) ? null : config.PersonFieldName); secConf.SetPersonId(identity.PersonId.ToString(CultureInfo.InvariantCulture)); result.Add(secConf); } } } return result.ToList(); }
/// <summary> /// Gets the value indicating whether user has chances to read value from the field specified. /// </summary> /// <param name="securityContext">The security context.</param> /// <param name="fieldDefinition">The field definition.</param> /// <param name="identity">The user identity.</param> /// <returns><c>true</c> if can calculate aggregates, otherwise <c>false</c>.</returns> public static bool CanAccessField(ISecurityContext securityContext, IBaseFieldDefinition fieldDefinition, IMQ1Identity identity) { if (securityContext == null || fieldDefinition == null || identity == null) return false; if (AlwaysVisible(fieldDefinition.SystemName)) return true; if (Utils.CurrentUserHasAdministratorRights) return true; var fieldConfigs = securityContext.GetConfigurationList(fieldDefinition.GetTableName(), fieldDefinition.SystemName); if (fieldConfigs != null) { var matches = fieldConfigs.Where(sc => (sc.BusinessUnitId == Constants.AllBusinessUnitsId || sc.BusinessUnitId == identity.BusinessUnitId) && (sc.RoleId == Constants.AllRolesId || identity.RolesId.Contains(sc.RoleId))).ToList(); if (matches.Any(x => x.CanView)) return true; } return false; }
private static void UnAuthenticate(SysMenuViewModel vm, IMQ1Identity identityMock) { Mock.Arrange(() => identityMock.IsAuthenticated).Returns(false); Mock.Arrange(() => identityMock.IsAdmin).Returns(false); vm.IsAdminEnabled = false; }
private static void SwitchToAdmin(SysMenuViewModel vm, IMQ1Identity identityMock) { Mock.Arrange(() => identityMock.IsAuthenticated).Returns(true); Mock.Arrange(() => identityMock.IsAdmin).Returns(true); vm.IsAdminEnabled = true; }
/// <summary> /// Determines whether the specified target has person. /// </summary> /// <param name="target">The target.</param> /// <param name="personFieldName">Name of the person field.</param> /// <param name="person">The person.</param> /// <returns><c>true</c> if the specified target has person; otherwise, <c>false</c>.</returns> public static bool HasPerson(object target, string personFieldName, IMQ1Identity person) { if (string.IsNullOrWhiteSpace(personFieldName) || personFieldName == Constants.AllPersonFieldsSystemName) return false; if (target == null) return false; var checkRules = target as ICheckRules; try { if (checkRules != null) checkRules.SuppressRuleChecking(); var fieldInfo = GetProperty(personFieldName, ref target); if (fieldInfo == null) return false; var crossRefAttr = (CrossRefFieldAttribute) fieldInfo.GetCustomAttributes(typeof(CrossRefFieldAttribute), false).FirstOrDefault(); if (crossRefAttr == null) return false; if (person != null && !person.PersonIds.Keys.Contains(crossRefAttr.ReferenceTableName)) return false; if (person != null) { var personId = person.PersonIds[crossRefAttr.ReferenceTableName]; var dynamicTarget = target as IDynamicObject; if (dynamicTarget == null) return false; if (crossRefAttr.AllowMultiple) { if (dynamicTarget is IInfoClass) { var ids = dynamicTarget.ReadValueByPropertyName(personFieldName + Constants.MultipleIdsCrossRefPropertyInfoClass) as string; if (string.IsNullOrWhiteSpace(ids)) { return false; } if (ids.Contains(", ")) { var idsList = ids.Split(", ".ToCharArray(), StringSplitOptions.RemoveEmptyEntries); return idsList.Select(SafeTypeConverter.Convert<int>).Any(x => x == personId); } int id; return SafeTypeConverter.TryToConvert(ids, out id) && id == personId; } var multiCrossRef = dynamicTarget.ReadValueByPropertyName(personFieldName) as ICrossRefItemList; if (multiCrossRef == null) return false; if (multiCrossRef.OfType<ICrossRefItemInfo>().Any(reference => reference.Id == personId)) return true; } else { int? crossRef; if (target is IInfoClass) { crossRef = dynamicTarget.ReadValueByPropertyName(personFieldName + "Id") as int?; } else { crossRef = dynamicTarget.ReadValueByPropertyName(personFieldName) as int?; } if (!crossRef.HasValue) return false; return crossRef.Value == personId; } } } catch (Exception ex) { #if !SILVERLIGHT Log4NetLogger.Instance.Log(LogSeverity.Error, string.Empty, ex); #else if (Debugger.IsAttached) { Debug.WriteLine(ex); Debugger.Break(); } #endif } finally { if (checkRules != null) checkRules.ResumeRuleChecking(); } return false; }
public static SecurityGroupCollection GetSecurityGroups(ISecurityContext securityContext, IMQ1Identity identity, ProcessDefinition processDefinition, IEnumerable<SecurityColumnDescriptor> fields = null) { var groups = new SecurityGroupCollection(); if (Utils.CurrentUserHasAdministratorRights) return groups; if (securityContext == null || processDefinition == null || identity == null) return groups; var fieldDefinitions = new List<IBaseFieldDefinition>(); var fieldList = fields != null ? fields.ToList() : null; if (fields != null && fieldList.Any()) { foreach (var fieldName in fieldList.Select(x => x.ColumnName)) { try { var field = processDefinition.GetField(fieldName); fieldDefinitions.Add(field); } catch (ArgumentException) { } } } else { fieldDefinitions.AddRange( processDefinition.GetAllFields()); } foreach (var fieldDefinition in fieldDefinitions) { var canAccessData = CanAccessField(securityContext, fieldDefinition, identity); var securityConfigs = canAccessData ? GetSecurityConfigsForField(securityContext, fieldDefinition, identity) : new List<SecurityConfig>(); SecurityColumnDescriptor columnDescriptor = null; if (fieldList != null) columnDescriptor = fieldList.FirstOrDefault(x => x.ColumnName == fieldDefinition.SystemName); if (columnDescriptor == null) columnDescriptor = new SecurityColumnDescriptor(fieldDefinition.SystemName); groups.AddColumnSecurityConfigs(columnDescriptor, securityConfigs, canAccessData); } return groups; }